ELK stack (version 7.16.3) Docker compose bundle

elk-docker-compose.yml

version: "3"
services:
  elasticsearch:
    image: elasticsearch:7.16.3
    container_name: elasticsearch
    restart: unless-stopped
    environment:
    - node.name=elasticsearch
    - discovery.seed_hosts=elasticsearch
    - cluster.initial_master_nodes=elasticsearch
    - cluster.name=docker-cluster
    - xpack.security.enabled=false
    - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    volumes:
    - ./esdata/:/usr/share/elasticsearch/data
    networks:
    - elk_net
  logstash:
    image: logstash:7.16.3
    container_name: logstash
    restart: unless-stopped
    volumes:
    - ./logstash.conf:/config-dir/logstash.conf:ro
    links:
    - elasticsearch
    entrypoint: logstash -f /config-dir/logstash.conf
    networks:
    - elk_net
  kibana:
    image: kibana:7.16.3
    container_name: kibana
    restart: unless-stopped
    ports:
    - 5601:5601
    networks:
    - elk_net
networks:
    elk_net:
        external:
            name: elk_net

When you get max virtual memory areas vm.max_map_count [..] likely too low, increase to at least [..] error from Elasticsearch, run

sudo sysctl -w vm.max_map_count=262144

When running on AWS EC2 (min m5d.2xlarge instance), add this to elasticsearch:

services:
  elasticsearch:
  ...
  ulimits:
    nofile:
      soft: 65536
      hard: 65536
  ...

updated version requires external network
docker network create elk_net

Bumped version to 7.4.2. Please note that all the version updates have been backward compatible with my data so the upgrades have been just updating the versions in compose file and you have the latest and gratest at your fingertips!

Bump to 7.5.2. Can do an in-place upgrade. No data loss, everyhting works as expected.

Bump to 7.9.1. Can do an in-place upgrade. No data loss, everyhting works as expected.

Bump to 7.10.1. Can do an in-place upgrade. No data loss, everyhting works as expected.

Bump to 7.16.3 required additional environment variable in elasticsearch:

• xpack.security.enabled=false